HP UX Security Products and Features Software manual User keys, Administrator keys

As in the previous example, a prompt appears for the private key passphrase because it is not included. RSA public keys are generally not considered secret quantities and are not encrypted. Not protecting public keys does not cause a security breach. WLI follows this convention.

3.2 User keys

A user key can have no authorization for WLI operations and still suffice for creating WLI file access policies and signing executable binaries. WLI user authorization enables a key for verifying signatures and file access policies during run-time operations.

A WLI administrator key can authorize an RSA key to enable run-time enforcement of WLI policies created with the key. This authorization is accomplished by copying the public key and associated information into a file under the WLI database directory /etc/wli/certificates. For details on authorizing keys, see wlicert(1M).

User key authorization enables the following:

An authorized key enables a WLI file access policy to be enforced for run-time access requests on the file. The public key must verify the signature on the file access policy as part of enforcement.

Any key can generate a WLI policy but only an authorized key can verify a policy signature. For details on generating file access policies, see wlipolicy(1).

Capabilities can be granted to an authorized key. The file /etc/wli/wlicert.conf retains information on authorized keys that also have capabilities. An authorized key with a capability can authorize an executable to use a particular WLI-protected resource.

Any unauthorized key can sign and grant a capability to an executable. For the executable to use the WLI-protected resource, the key used for its signing must be authorized as a user key and granted the capability. For details on granting capabilities to executables, see wlisign(1). For granting capabilities to authorized keys, see wlicert(1M).
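The rule that any key can sign but only an authorized key's signature is honored at run time can be modeled with plain openssl. This is an added example, not WLI code and not from the guide: the temporary `certificates` directory is a constructed stand-in for /etc/wli/certificates, and the key names, file layout, helper functions and the SHA-256 digest are assumptions.

```shell
#!/bin/sh
# Added illustration (not WLI code): models key authorization with openssl.
# "$work/certificates" is a constructed stand-in for /etc/wli/certificates
# and does not reproduce WLI's real file format.
work=$(mktemp -d)
authdir="$work/certificates"
mkdir -p "$authdir"

# make_key NAME: create a demo RSA key pair. No passphrase, so the demo runs
# non-interactively; the guide's private keys prompt for a passphrase.
make_key() {
    openssl genrsa -out "$work/$1.pvt" 2048 2>/dev/null
    openssl rsa -in "$work/$1.pvt" -pubout -out "$work/$1.pub" 2>/dev/null
}

# sign_with NAME FILE: any key holder can produce a signature over FILE.
sign_with() {
    openssl dgst -sha256 -sign "$work/$1.pvt" -out "$2.sig.$1" "$2"
}

# authorize NAME: the administrator step, modeled as copying the public key
# into the authorized store.
authorize() {
    cp "$work/$1.pub" "$authdir/$1.pub"
}

# enforceable FILE SIG: succeeds only if an authorized public key verifies SIG.
enforceable() {
    for pub in "$authdir"/*.pub; do
        [ -f "$pub" ] || continue
        if openssl dgst -sha256 -verify "$pub" -signature "$2" "$1" \
            >/dev/null 2>&1; then
            return 0
        fi
    done
    return 1
}

make_key usera
make_key userb
printf 'constructed policy body\n' > "$work/policy"
sign_with usera "$work/policy"
sign_with userb "$work/policy"
authorize usera   # only usera's public key enters the store

enforceable "$work/policy" "$work/policy.sig.usera" && echo "usera: enforced"
enforceable "$work/policy" "$work/policy.sig.userb" || echo "userb: ignored"
```

Both signatures are cryptographically valid; the second is ignored only because its public key is absent from the store, which is why write access to that directory is the control that matters.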

3.3 Administrator keys

A WLI administrator key has all the authority of an authorized user key. A WLI administrator key also has authority to execute WLI administrative commands.

Multiple WLI administrator keys can be defined. The number of administrator keys depends on site security requirements and is left to the discretion of WLI administrators.

Administrator authority is required to:

Grant WLI administrator authority to keys with wliadm. The key can already have WLI user authority.

Remove administrator authority from a key with wlicert. A key can remove its own administrator authority.

Grant one or more capabilities to a key. An administrator key can grant a capability to itself.

Grant user authority to a key for file access policy enforcement with wlicert. All administrator keys are authorized for policy enforcement without an explicit grant through wlicert.

Set the storage type for WLI metadata with wlisys. A key is not required for storage type retrieval.

Set WLI security attributes with wlisyspolicy. A key is not required to query these attribute values.

Sign executable binaries that are invoked through wliwrap to execute with one or more capabilities. An administrator key is not required to authorize execution of wliwrap. Execution of wliwrap can be authorized by any user key that is granted the capabilities.

HP-UX Whitelisting A.01.00 Administrator Guide. Copyright 2010 Hewlett-Packard Development Company, L.P.